Search code examples
twiliotwilio-apitwilio-functions

Is there a way to call a private/protected twilio function?

This is my first time using twilio and I start with the new twilio-cli and I create new project to build and deploy a backend over twilio functions, but I need that some of the functions keep in private, and I want to call that function through their specific api-endpoint but, I always receive the message "Unauthorized - you are not authenticated to perform this request"

This is the plugin that I am using with twilio-cli https://github.com/twilio-labs/plugin-serverless to start the basic project to deploy to twilio.

I already tried to use the curl documentation that I found here: https://www.twilio.com/docs/studio/rest-api/execution but none of the example execute the function.

curl -X POST 'https://serverless.twilio.com/v1/Services/ZSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Functions/ZHXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
  -u ACXXXXXXXXXXXX:your_auth_token

I just need to receive a hello world message, this is the code of the function:

exports.handler = function(context, event, callback) {
  const twiml = new Twilio.twiml.MessagingResponse();
  twiml.message("Hello World!");
  console.log("Track this");
  callback(null, twiml);
};
Solution

  • Heyooo. πŸ‘‹ Twilio developer evangelist here.

    If you followed the serverless plugin init process by running twilio serverless:init you should have the following project structure.

    .
β”œβ”€β”€ assets
β”‚Β Β  β”œβ”€β”€ index.html
β”‚Β Β  β”œβ”€β”€ message.private.js
β”‚Β Β  └── style.css
β”œβ”€β”€ functions
β”‚Β Β  β”œβ”€β”€ hello-world.js
β”‚Β Β  β”œβ”€β”€ private-message.js
β”‚Β Β  └── sms
β”‚       └──reply.protected.js
β”œβ”€β”€ node_modules
β”œβ”€β”€ package-lock.json
└── package.json

    These files result in the following HTTP endpoints after you run twilio serverless:deploy. (you will have a different domain).

    Deploying functions & assets to the Twilio Runtime

Account     SK6a...
Token       kegH****************************
Service Name    foo-2
Environment dev
Root Directory  /private/tmp/foo
Dependencies
Env Variables

βœ” Serverless project successfully deployed

Deployment Details
Domain: foo-3513-dev.twil.io
Service:
   foo (ZS8...)
Environment:
   dev (ZE0...)
Build SID:
   ZB9...
Functions:
   [protected] https://foo-3513-dev.twil.io/sms/reply
   https://foo-3513-dev.twil.io/hello-world
   https://foo-3513-dev.twil.io/private-message
Assets:
   [private] Runtime.getAssets()['/message.js']
   https://foo-3513-dev.twil.io/index.html
   https://foo-3513-dev.twil.io/style.css

    Have a close look at the Runtime Urls in the functions block. These are the endpoints that will be available. As you see the bootstrap project includes two public functions (/hello-world and /private-message). You can call these with curl or your browser.

    Additionally, there is one protected function (/sms/reply). This function available for calls from within Twilio.

    This means that protected functions expect a valid Twilio signature. You can read about that here. If you connect e.g. Studio to call the function it will work because the webhook includes a Twilio signature. If you want to curl it you have to provide X-Twilio-Signature header.

    Hope this helps. :)